"3. forging return or reply-to address - "
I currently have this one happening , they even send them to me so I get to see
them , at least I know what "I" am trying to sell promote , hihi
Dan N8DCJ
________________________________
From: David Robbins <k1ttt@verizon.net>
To: towertalk@contesting.com
Sent: Thursday, August 16, 2012 1:19 PM
Subject: Re: [TowerTalk] Spam update
everyone should know there are at least 4 different ways you can be seen as
sending spam and not know about it... and not all of them can be fixed by
changing passwords!
1. virus on your machine - in this case the virus probably has access to your
local address book and mail client if you use a program like outlook to send
email. the virus in this case could send mail that looks just like you,
complete with stolen subject lines and even message text so that it looks like
something you would say. these may be found by virus or malware scanners, and
can also be spotted by periodic slowdowns in the machine response or high
network activity when you aren't doing anything. you may also get back bounce
messages and get cursed at by friends and relatives. of course if you have
this the virus could also steal credit card or other financial information, log
keystrokes to get other passwords, etc. this one can not be fixed by just
changing passwords since the program is running on your computer and you login
for it every time you get your mail.
2. hijack of pop/smtp password - if you use a mail service that uses a remote
pop/smtp server the password for it can be guessed or stolen by a keylogger or
other virus or hack of the isp's login or brute force. in this case the
password is given to a remote machine that sends mail through your isp that may
or may not look like it is coming from you. some isp's prevent this by only
accepting logins from their own ip address ranges, but not all of them do this
as it can prevent you from using their service while you are on the road. This
one will not be found by any scans on your computer, though your isp may be
able to detect it by a series of failed logins or abnormal mail volume or
strange ip addresses logging in as you. the hijacker would not have access to
your address book, but could intercept incoming email to get addresses and
other information. this one can be fixed by changing the password you use to
retrieve/send mail through the isp.
3. forging return or reply-to address - this is one that you can not detect or
stop. it is often only noticed because you get a rash of bounced email notices
from people you don't know. how this works is that someone gets your email
address, probably in a list bought or stolen for this purpose, or just scraped
off a web page or discussion forum where you use your real address for
replies. the address is then used to forge the headings on spam the sender is
generating so that it looks like you sent the mail, though if you look at the
details of the headers you will see it actually comes from some server other
than the one you send mail from. these servers are often quickly blacklisted
because of the volume of spam they generate so are changed regularly, as are
the addresses being used. the recipients probably have no relation to you as
they are also probably from some big list of addresses to be spammed. often in
messages sent like this the
'to' addresses will be hidden by usin
g bcc or if not there will be a whole series of alphabetically sorted
addresses. again, there is nothing you can do to stop this one. fortunately
the spammers that do this have LOTS of addresses to work from so it is likely
that yours will only be used for a short time.
4. hijack of webmail account - this is likely the source of many of the recent
spam attacks, someone has hacked yahoo and some other places and got a bunch of
passwords. though it can also be someone who has just brute force guessed
common passwords, or used some other exploit like phishing messages to get your
password... ever get one of those 'your mailbox is full' or 'your account has
been hacked' messages that asks for your email address and password so the
administrator can fix it before you get cut off??? if you respond then you
have just given the spammer another account to send their stuff from. this
could also compromise other accounts if you use it to collect mail from other
services as it would have login/password information for other services you
use. for this reason i prefer to use outlook running on my computer to collect
mail from the different accounts i use. when this happens again the spammer
gets access to your on-line
address book (but not one you may have o
n your local pc only), and all the mail you may store on the server, so they
can send mail that looks like it comes from you. if you can still login you
can change the password and it 'should' stop this one, unless the hacker
intercepts the password change request and cancels it, or changes it so you can
no longer log in. this can be particularly bad if you have abandoned an
account since you won't see replies to the accounts or notices from the
provider so the spammer has free run of it until the provider cuts it off.
Aug 16, 2012 12:45:09 PM, dearborn9@sbcglobal.net wrote:
I have received 14 direct messages that say "Just change your password"
Thanks to all but..................when this junk started over 8 months
ago that was the first thing I did was change my email password. I'm
retired from a federal Law enforcement agency, identified by three
letters . I know how to make up passwords using lots of mixed up letters
etc, the govt is full of those!.......so far nothing has helped but
thanks to all for the idea. Also to the one that said 'try changing your
feedline to a better coax!!!! I admit that one did get to me. 73
Jim- WA9FPT
_______________________________________________
_______________________________________________
TowerTalk mailing list
TowerTalk@contesting.com
http://lists.contesting.com/mailman/listinfo/towertalk
_______________________________________________
_______________________________________________
TowerTalk mailing list
TowerTalk@contesting.com
http://lists.contesting.com/mailman/listinfo/towertalk
_______________________________________________
_______________________________________________
TowerTalk mailing list
TowerTalk@contesting.com
http://lists.contesting.com/mailman/listinfo/towertalk
|